[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.6] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)

ID: oval:org.secpod.oval:def:1801170Date: (C)2018-09-26   (M)2022-08-21
Class: PATCHFamily: unix




In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code.

Platform:
Alpine Linux 3.6
Product:
kamailio
Reference:
9184
CVE-2018-14767
CVE    1
CVE-2018-14767
CPE    2
cpe:/o:alpinelinux:alpine_linux:3.6
cpe:/a:kamailio:kamailio

© SecPod Technologies